Analysis Report FACTURA Y ALBARANES (2).exe

Overview

General Information

Sample Name: FACTURA Y ALBARANES (2).exe
Analysis ID: 432966
MD5: 0a2ce5a915bf643953baf2fcf3b25a5e
SHA1: 21a26264df4f615da898b38ef9332ff66d24b505
SHA256: 5a5428877719d24368bc14761dee49adf676fd883abd3a8c30b84c0b0c7e13f5
Infos:

Most interesting Screenshot:

Detection

GuLoader
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Potential malicious icon found
Yara detected GuLoader
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Found potential dummy code loops (likely to delay analysis)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Detected potential crypto function
PE file contains strange resources
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection:

barindex
Found malware configuration
Source: FACTURA Y ALBARANES (2).exe Malware Configuration Extractor: GuLoader {"Payload URL": "https://drive.google.com/uc?export=download&id=10cWvVkUqjSi-M-x6hHokSklVF3h_YX3c"}
Multi AV Scanner detection for submitted file
Source: FACTURA Y ALBARANES (2).exe Virustotal: Detection: 58% Perma Link
Source: FACTURA Y ALBARANES (2).exe Metadefender: Detection: 37% Perma Link
Source: FACTURA Y ALBARANES (2).exe ReversingLabs: Detection: 86%

Compliance:

barindex
Uses 32bit PE files
Source: FACTURA Y ALBARANES (2).exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

barindex
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://drive.google.com/uc?export=download&id=10cWvVkUqjSi-M-x6hHokSklVF3h_YX3c

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Creates a DirectInput object (often for capturing keystrokes)
Source: FACTURA Y ALBARANES (2).exe, 00000000.00000002.720824520.000000000077A000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

barindex
Potential malicious icon found
Source: initial sample Icon embedded in PE file: bad icon match: 20047c7c70f0e004
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Process Stats: CPU usage > 98%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A440 NtAllocateVirtualMemory, 0_2_0234A440
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A434 NtAllocateVirtualMemory, 0_2_0234A434
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A653 NtAllocateVirtualMemory, 0_2_0234A653
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A44E NtAllocateVirtualMemory, 0_2_0234A44E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A496 NtAllocateVirtualMemory, 0_2_0234A496
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A6FC NtAllocateVirtualMemory, 0_2_0234A6FC
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A52C NtAllocateVirtualMemory, 0_2_0234A52C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A75E NtAllocateVirtualMemory, 0_2_0234A75E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A7C7 NtAllocateVirtualMemory, 0_2_0234A7C7
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A5C9 NtAllocateVirtualMemory, 0_2_0234A5C9
Detected potential crypto function
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A440 0_2_0234A440
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A434 0_2_0234A434
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347A31 0_2_02347A31
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347C32 0_2_02347C32
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347E1C 0_2_02347E1C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344806 0_2_02344806
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346E02 0_2_02346E02
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345208 0_2_02345208
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234E07D 0_2_0234E07D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234746D 0_2_0234746D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347656 0_2_02347656
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345046 0_2_02345046
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347840 0_2_02347840
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A44E 0_2_0234A44E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344C4A 0_2_02344C4A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347EB9 0_2_02347EB9
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346EA0 0_2_02346EA0
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023448A1 0_2_023448A1
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02348096 0_2_02348096
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A496 0_2_0234A496
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234529A 0_2_0234529A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344A80 0_2_02344A80
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234708A 0_2_0234708A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02349EF1 0_2_02349EF1
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023478E5 0_2_023478E5
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023476EE 0_2_023476EE
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347AEA 0_2_02347AEA
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023450D5 0_2_023450D5
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347CDB 0_2_02347CDB
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023516CD 0_2_023516CD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344732 0_2_02344732
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234473E 0_2_0234473E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234813E 0_2_0234813E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347139 0_2_02347139
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344F27 0_2_02344F27
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344F22 0_2_02344F22
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347323 0_2_02347323
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234E51C 0_2_0234E51C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344B1F 0_2_02344B1F
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234531F 0_2_0234531F
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347504 0_2_02347504
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347562 0_2_02347562
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234516A 0_2_0234516A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347F6A 0_2_02347F6A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346D55 0_2_02346D55
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347555 0_2_02347555
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346D57 0_2_02346D57
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344940 0_2_02344940
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023431BD 0_2_023431BD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344BBD 0_2_02344BBD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023475A8 0_2_023475A8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347796 0_2_02347796
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344F97 0_2_02344F97
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347D92 0_2_02347D92
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234439E 0_2_0234439E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347B9B 0_2_02347B9B
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234798C 0_2_0234798C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344FF0 0_2_02344FF0
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023481F3 0_2_023481F3
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347FFD 0_2_02347FFD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023449E4 0_2_023449E4
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346FE8 0_2_02346FE8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023471DF 0_2_023471DF
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023473CC 0_2_023473CC
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023431C8 0_2_023431C8
PE file contains strange resources
Source: FACTURA Y ALBARANES (2).exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: FACTURA Y ALBARANES (2).exe, 00000000.00000000.197531637.0000000000423000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameabjections.exe vs FACTURA Y ALBARANES (2).exe
Source: FACTURA Y ALBARANES (2).exe, 00000000.00000002.720675251.0000000000740000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs FACTURA Y ALBARANES (2).exe
Source: FACTURA Y ALBARANES (2).exe Binary or memory string: OriginalFilenameabjections.exe vs FACTURA Y ALBARANES (2).exe
Uses 32bit PE files
Source: FACTURA Y ALBARANES (2).exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine Classification label: mal92.rans.troj.evad.winEXE@1/0@0/0
Source: FACTURA Y ALBARANES (2).exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Section loaded: C:\Windows\SysWOW64\msvbvm60.dll Jump to behavior
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: FACTURA Y ALBARANES (2).exe Virustotal: Detection: 58%
Source: FACTURA Y ALBARANES (2).exe Metadefender: Detection: 37%
Source: FACTURA Y ALBARANES (2).exe ReversingLabs: Detection: 86%

Data Obfuscation:

barindex
Yara detected GuLoader
Source: Yara match File source: FACTURA Y ALBARANES (2).exe, type: SAMPLE
Source: Yara match File source: 0.2.FACTURA Y ALBARANES (2).exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.0.FACTURA Y ALBARANES (2).exe.400000.0.unpack, type: UNPACKEDPE
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0040AC0D push ebx; iretd 0_2_0040AC0E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0040AEB5 push ecx; iretd 0_2_0040AEBA
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_00407B26 push es; ret 0_2_00407B27
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

barindex
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347A31 0_2_02347A31
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347C32 0_2_02347C32
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347E1C 0_2_02347E1C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234601B 0_2_0234601B
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346E02 0_2_02346E02
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234E07D 0_2_0234E07D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234746D 0_2_0234746D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347656 0_2_02347656
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345E5B 0_2_02345E5B
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347840 0_2_02347840
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347EB9 0_2_02347EB9
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346EA0 0_2_02346EA0
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02348096 0_2_02348096
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234828C 0_2_0234828C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234708A 0_2_0234708A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345EF0 0_2_02345EF0
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023478E5 0_2_023478E5
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023476EE 0_2_023476EE
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347AEA 0_2_02347AEA
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345CD6 0_2_02345CD6
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345CD8 0_2_02345CD8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347CDB 0_2_02347CDB
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023516CD 0_2_023516CD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345D3E 0_2_02345D3E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234813E 0_2_0234813E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347139 0_2_02347139
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344F22 0_2_02344F22
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347323 0_2_02347323
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02343B2D 0_2_02343B2D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234E51C 0_2_0234E51C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347504 0_2_02347504
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347562 0_2_02347562
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347F6A 0_2_02347F6A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347555 0_2_02347555
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346D57 0_2_02346D57
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346145 0_2_02346145
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02343B42 0_2_02343B42
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02348343 0_2_02348343
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023475A8 0_2_023475A8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347796 0_2_02347796
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347D92 0_2_02347D92
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234439E 0_2_0234439E
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345F9A 0_2_02345F9A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02348D9A 0_2_02348D9A
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347B9B 0_2_02347B9B
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02348D81 0_2_02348D81
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234798C 0_2_0234798C
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023481F3 0_2_023481F3
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02347FFD 0_2_02347FFD
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02346FE8 0_2_02346FE8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023471DF 0_2_023471DF
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345DD9 0_2_02345DD9
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023473CC 0_2_023473CC
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe RDTSC instruction interceptor: First address: 000000000234F14D second address: 000000000234F14D instructions:
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe RDTSC instruction interceptor: First address: 000000000234F0DE second address: 000000000234F0DE instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b add esi, 02h 0x0000000e cmp word ptr [esi], 0000h 0x00000012 jne 00007F4AD47CC765h 0x00000014 mov ebx, edx 0x00000016 shl edx, 05h 0x00000019 add edx, ebx 0x0000001b movzx ebx, byte ptr [esi] 0x0000001e cmp cx, dx 0x00000021 add edx, ebx 0x00000023 xor edx, 370C63DEh 0x00000029 pushad 0x0000002a lfence 0x0000002d rdtsc
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe RDTSC instruction interceptor: First address: 000000000234F14D second address: 000000000234F14D instructions:
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A440 rdtsc 0_2_0234A440
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Anti Debugging:

barindex
Found potential dummy code loops (likely to delay analysis)
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Process Stats: CPU usage > 90% for more than 60s
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234A440 rdtsc 0_2_0234A440
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234E88D mov eax, dword ptr fs:[00000030h] 0_2_0234E88D
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345CD6 mov eax, dword ptr fs:[00000030h] 0_2_02345CD6
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02345CD8 mov eax, dword ptr fs:[00000030h] 0_2_02345CD8
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02344F22 mov eax, dword ptr fs:[00000030h] 0_2_02344F22
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_0234EF17 mov eax, dword ptr fs:[00000030h] 0_2_0234EF17
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023495A4 mov eax, dword ptr fs:[00000030h] 0_2_023495A4
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_023495A2 mov eax, dword ptr fs:[00000030h] 0_2_023495A2
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: FACTURA Y ALBARANES (2).exe, 00000000.00000002.721168679.0000000000E00000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: FACTURA Y ALBARANES (2).exe, 00000000.00000002.721168679.0000000000E00000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: FACTURA Y ALBARANES (2).exe, 00000000.00000002.721168679.0000000000E00000.00000002.00000001.sdmp Binary or memory string: Progman
Source: FACTURA Y ALBARANES (2).exe, 00000000.00000002.721168679.0000000000E00000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

barindex
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\FACTURA Y ALBARANES (2).exe Code function: 0_2_02348869 cpuid 0_2_02348869
No contacted IP infos